FW: Re: Is there a line of defense against Distributed Reflective attacks?

Avleen Vig lists-nanog at silverwraith.com
Mon Jan 20 16:49:42 UTC 2003


On Mon, 20 Jan 2003, Christopher L. Morrow wrote:

> > I was referring specifically to end user workstations. For example home
> > machines on dial up or broadband connections.
> > A lot of broadband providers already prohibit running servers and block
> > certain inbound ports (eg 21 and 80).
> > *shrug* just seems like it would make more sense to block all incoming
> > 'syn' packets.
>
> Doesn't this stop kazaa/morpheus/gnutella/FTP/<some aim stuff like private
> chats>? This is a problematic setup, and would require the cable modem
> provider to maintain a quickly changing 'firewall' :( I understand the
> want to do it, but I'm not sure it's practical to see it happen based
> solely on the hassle factor :( Hmm, security, "you gotta pay to play"
> (Some famous man once said that I believe)

Indeed it does break that. P2P clients: Mostly transfer illegal content.
As much as a lot of people love using these, I'm sure most realise they're
on borrowed time in their current state.
And I'm sure that if they were gone tomorrow, I'm sure they'd be back in
another fashion soon.
FTP/HTTP etc I believe most cable providers currently block these anyway
:-)

There's a chance it'd break things like file transfers on IM clients but
I'm sure they'd be altered too.


